scinote-web/app/controllers/assets_controller.rb
2020-11-04 13:08:40 +01:00

234 lines
6.8 KiB
Ruby

# frozen_string_literal: true
class AssetsController < ApplicationController
include WopiUtil
include AssetsActions
# include ActionView::Helpers
include ActiveStorage::SetCurrent
include ActionView::Helpers::AssetTagHelper
include ActionView::Helpers::TextHelper
include ActionView::Helpers::UrlHelper
include ActionView::Context
include ApplicationHelper
include InputSanitizeHelper
include FileIconsHelper
include MyModulesHelper
helper_method :wopi_file_edit_button_status
before_action :load_vars, except: :create_wopi_file
before_action :check_read_permission, except: %i(edit destroy)
before_action :check_edit_permission, only: %i(edit destroy)
def file_preview
render json: { html: render_to_string(
partial: 'shared/file_preview/content.html.erb',
locals: {
asset: @asset,
can_edit: can_manage_asset?(@asset),
gallery: params[:gallery]
}
) }
end
def toggle_view_mode
@asset.view_mode = toggle_view_mode_params[:view_mode]
if @asset.save(touch: false)
gallery_view_id = @assoc.id if @assoc.class == Step
html = render_to_string(partial: 'assets/asset.html.erb', locals: {
asset: @asset,
gallery_view_id: gallery_view_id
})
respond_to do |format|
format.json do
render json: { html: html }, status: :ok
end
end
end
end
def file_url
return render_404 unless @asset.file.attached?
render plain: @asset.file.blob.service_url
end
def download
redirect_to rails_blob_path(@asset.file, disposition: 'attachment')
end
def edit
action = @asset.file_size.zero? && !@asset.locked? ? 'editnew' : 'edit'
@action_url = append_wd_params(@asset.get_action_url(current_user, action, false))
@favicon_url = @asset.favicon_url('edit')
tkn = current_user.get_wopi_token
@token = tkn.token
@ttl = (tkn.ttl * 1000).to_s
@asset.step&.protocol&.update(updated_at: Time.zone.now)
create_wopi_file_activity(current_user, true)
render layout: false
end
def view
@action_url = append_wd_params(@asset.get_action_url(current_user, 'view', false))
@favicon_url = @asset.favicon_url('view')
tkn = current_user.get_wopi_token
@token = tkn.token
@ttl = (tkn.ttl * 1000).to_s
render layout: false
end
def create_start_edit_image_activity
create_edit_image_activity(@asset, current_user, :start_editing)
end
def update_image
@asset = Asset.find(params[:id])
orig_file_size = @asset.file_size
orig_file_name = @asset.file_name
return render_403 unless can_read_team?(@asset.team)
@asset.file.attach(io: params.require(:image), filename: orig_file_name)
@asset.save!
create_edit_image_activity(@asset, current_user, :finish_editing)
# release previous image space
@asset.team.release_space(orig_file_size)
# Post process file here
@asset.post_process_file(@asset.team)
@asset.step&.protocol&.update(updated_at: Time.zone.now)
render_html = if @asset.step || @asset.result
render_to_string(
partial: 'assets/asset.html.erb',
locals: { asset: @asset },
formats: :html
)
else
render_to_string(
partial: 'assets/asset_link.html.erb',
locals: { asset: @asset, display_image_tag: true },
formats: :html
)
end
respond_to do |format|
format.json do
render json: { html: render_html }
end
end
end
# POST: create_wopi_file_path
def create_wopi_file
# Presence validation
params.require(%i(element_type element_id file_type))
# File type validation
render_403 && return unless %w(docx xlsx pptx).include?(params[:file_type])
# Asset validation
asset = Asset.new(created_by: current_user, team: current_team)
asset.file.attach(io: StringIO.new,
filename: "#{params[:file_name]}.#{params[:file_type]}",
content_type: wopi_content_type(params[:file_type]))
unless asset.valid?(:wopi_file_creation)
render json: {
message: asset.errors
}, status: :bad_request and return
end
# Create file depending on the type
if params[:element_type] == 'Step'
step = Step.find(params[:element_id].to_i)
render_403 && return unless can_manage_protocol_in_module?(step.protocol) ||
can_manage_protocol_in_repository?(step.protocol)
step_asset = StepAsset.create!(step: step, asset: asset)
step.protocol&.update(updated_at: Time.zone.now)
edit_url = edit_asset_url(step_asset.asset_id)
elsif params[:element_type] == 'Result'
my_module = MyModule.find(params[:element_id].to_i)
render_403 and return unless can_manage_module?(my_module)
# First create result and then the asset
result = Result.create(name: asset.file_name,
my_module: my_module,
user: current_user)
result_asset = ResultAsset.create!(result: result, asset: asset)
edit_url = edit_asset_url(result_asset.asset_id)
else
render_404 and return
end
# Prepare file preview in advance
asset.medium_preview.processed && asset.large_preview.processed
# Return edit url
render json: {
success: true,
edit_url: edit_url
}, status: :ok
end
def destroy
if @asset.destroy
render json: { flash: 'File deleted' }
else
render json: {}, status: :unprocessable_entity
end
end
private
def load_vars
@asset = Asset.find_by(id: params[:id])
return render_404 unless @asset
@assoc ||= @asset.step
@assoc ||= @asset.result
@assoc ||= @asset.repository_cell
if @assoc.class == Step
@protocol = @asset.step.protocol
elsif @assoc.class == Result
@my_module = @assoc.my_module
elsif @assoc.class == RepositoryCell
@repository = @assoc.repository_column.repository
end
end
def check_read_permission
render_403 unless can_read_asset?(@asset)
end
def check_edit_permission
render_403 unless can_manage_asset?(@asset)
end
def append_wd_params(url)
exclude_params = %w(wdPreviousSession wdPreviousCorrelation)
wd_params = params.as_json.select { |key, _value| key[/^wd.*/] && !(exclude_params.include? key) }.to_query
url + '&' + wd_params
end
def asset_params
params.permit(:file)
end
def toggle_view_mode_params
params.require(:asset).permit(:view_mode)
end
def asset_data_type(asset)
return 'wopi' if wopi_file?(asset)
return 'image' if asset.image?
'file'
end
end